Security researcher Jeremy Brown says SCADA software vendors lag far behind other IT firms in vulnerability research and lack even a basic awareness of modern security principles. Security is more often an add-on rather than a core component of SCADA systems, Brown said. SCADA vendors are not receptive to vulnerability reports from security researchers and often lack the internal processes to properly handle and address vulnerabilities discovered by outside researchers. Brown has developed a prototype of a Metasploit-style framework, dubbed SploitWare, for testing a number of zero day holes he has discovered in SCADA.
Source: https://threatpost.com/scada-vendors-still-need-security-wake-call-102410/74603/